Kaspersky Lab links Lazarus Hacking group to Bangladesh cyber heist

Kaspersky Lab’s report states that, on the face of it, Lazarus is linked to North Korea; however, the link is not conclusive. Given that Lazarus is a group of professional hackers, the chances of finding clinching evidence are slim. In that respect, Kaspersky Lab’s report is significant.

In a significant development that sheds further light on the biggest cyber heist in recent times, Kaspersky Lab has disclosed that it has obtained digital evidence that points an accusatory finger at North Korea for 2016’s $81 million cyber heist of the Bangladesh central bank’s account at the Federal Reserve Bank of New York.

In its 58-page report on Lazarus, the hacking group linked to the heist, Kaspersky states that the hackers had made a direct connection from an IP address in North Korea to a server in Europe that was used to control systems infected by the group.

Kaspersky’s Vitaly Kamluk, a cyber security researcher, stated that this is “the first time we have seen a direct connection” between North Korea and Lazarus, the hacking group whose activities, dating back to 2009, have been documented by the world’s biggest cyber security firms.

The North Korean government has denied the allegations.

Significantly, Kamluk has said he is not able to conclusively state whether Pyongyang was behind the attacks, since it is possible that the hackers went to great lengths to make it appear that their IP originated from North Korea, or that North Koreans were behind the heist.

He went on to add that, on the face of it, the involvement of North Korea was the most likely explanation.

Last month, officials from the FBI also suspected the involvement of Pyongyang in the cyber heist. As per an official briefed on the probe, the FBI believes North Korea was responsible for the Bangladesh heist.

Rick Ledgett, the deputy director of the National Security Agency, told the media at an Aspen Institute event on March 15 that private sector research has tied North Korea to the Bangladesh bank heist.

“If that’s true, then that says to me that the North Koreans are robbing banks,” said Ledgett. “That’s a big deal.”

According to Adrian Nish, who heads the threat intelligence wing of BAE Systems PLC, a cyber security firm, Kaspersky’s findings were significant despite the fact that they do not conclusively link Pyongyang to Lazarus.

“It is significant further evidence,” said Nish, who led a team at BAE that in May 2016 was the first to link the Bangladesh heist and the Sony hack.